README
smartcloud-authorization
Client library providing extensions to the standard firebase and firebase-admin libraries for simplifying working with custom authorization within SmartCloud.
Prerequisites
The target Firebase project intended for use with this library should be on the Blaze plan to support creating multiple Realtime Database instances. A secondary database with -auth appended to the default project ID should be prepared beforehand; it will be dedicated to holding authorization data.
https://firebase.google.com/docs/database/usage/sharding#create_multiple_instances
Initializing the library
Initialize this library by supplying an initialized firebase app instance to the Authorization class constructor. The app can be either a firebase client instance or one from the admin SDK.
const firebase = require('firebase'); // or use firebase-admin
const app = firebase.initializeApp({
  // project config
});
const { Authorization } = require('smartcloud-authorization');
const authorization = new Authorization(app);
When using a standard firebase app instance, you will be required to authenticate as normal with user credentials.
https://firebase.google.com/docs/auth/
Usage
After authenticating, the methods available in this library include:
// in client mode, you can use the following two methods to
// read any arbitrary path in the auth database (including paths
// that target other users' IDs) as long as the security rules
// of the database permit that read request
getRef(path)
getValue(path)
// in client mode, omit the userId parameter from every method call
// the following methods can only be used to query your own permissions
getPermissionValue(subpath, userId)
hasApiPermission(role, userId)
hasAppPermission(org, groupRef, userId)
hasServicePackPermission(org, groupRef, user)
hasMobilePermission(org, groupRef, user)
hasAnyPermission(groupRef, user)
canReadApiGroup(organizationId, groupRef, user)
canWriteApiGroup(organizationId, groupRef, user)
canReadApiOrganization(organizationId, user)
canWriteApiOrganization(organizationId, user)
getApiGroups(organizationId, userId)
getApiOrganizations(user)
// methods that are only available in admin mode
grantApiGroupRead(organizationId, type, groupRef, userId)
grantApiGroupWrite(organizationId, type, groupRef, userId)
grantApiOrganizationRead(organizationId, userId)
grantApiOrganizationWrite(organizationId, userId)
revokeApiGroup(organizationId, type, groupRef, userId)
revokeApiOrganization(organizationId, userId)
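One way to wrap the group checks listed above in a fail-closed, server-side (admin mode) guard. This is an added example, not part of smartcloud-authorization: `makeGroupGuard` is a hypothetical helper, and it assumes `canReadApiGroup` / `canWriteApiGroup` return a Promise that resolves to a boolean and take the user ID as their third argument.

```javascript
// Added example, not library code. Assumptions: the check methods return
// Promise<boolean> and their third argument is the user ID.
const CHECKS = { read: 'canReadApiGroup', write: 'canWriteApiGroup' };

function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

// Build a guard around an Authorization instance created from the admin SDK.
function makeGroupGuard(authorization) {
  return async function guard({ action, organizationId, groupRef, userId }) {
    // Own-property lookup so inputs such as "constructor" or "__proto__"
    // never resolve to something inherited from Object.prototype.
    const known = Object.prototype.hasOwnProperty.call(CHECKS, action);
    if (!known) return { allowed: false, reason: 'unknown-action' };

    // userId is only omitted in client mode, so a server-side check
    // without an explicit user is rejected instead of being forwarded.
    if (![organizationId, groupRef, userId].every(isNonEmptyString)) {
      return { allowed: false, reason: 'bad-input' };
    }

    try {
      const result = await authorization[CHECKS[action]](
        organizationId, groupRef, userId);
      // Only the literal boolean true grants access; null, undefined or
      // any other truthy value is treated as a denial.
      return result === true
        ? { allowed: true, reason: 'granted' }
        : { allowed: false, reason: 'denied' };
    } catch (err) {
      // Database or network failure: deny rather than allow.
      return { allowed: false, reason: 'check-failed' };
    }
  };
}
```

Call `makeGroupGuard(authorization)` once at startup and await the returned guard in each request handler before touching group data.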